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AMENDMENTS TO THE CLAIMS 



1-66. (Cancelled) 



67. (New) A method of providing a resource to a client s the method comprising: 

receiving a request from a Client for the resourge, the request including a (membership 
certificate)certifying at least one ofgroup membershipand group non-membership^as of a time 



associated with the membership certificate, ^ 

determining whether a^signature associatedjvith the membership certificate is valid, 
Comparing the time with a recency threshold associated with the resource, and 
providing the resource to the client only if the signature is valid and the time is within the 
recency threshold. 



^ 68. (New) The method of claim 67, wherein the membership certificate certifies group 
membership, and providing the resource to the client further includes: 

providing the resource to the client only if the group is associated with an access control- 
list. 



69. (New) The method of claim 67, wherein the membership certificate certifies group non- 
membership, and providing the resource to the client further includes: 

providing the resource to the client only if the group is associated with a non-access 
control-list, 

70. (New) A system for providing a resource to a client, the system comprising; 

one or more resources associated with one or more respective recency thresholds, and 
a server in communication with the one or more resources, the server configured to: 

receive a request from the client for one of the one or more resources, the request 
including a membership certificate certifying at least one of group membership and group non- 
membership as of a time associated with the membership certificate, 

determine whether a signature associated with the membership certificate is valid, 
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compare the time with the recency threshold associated with the one of the one or 
more resources, and 

provide the resource to the client only if the signature is valid and the time is 
within the recency threshold. 

71. (New) The system of claim 70, wherein the one or more resources include two or more 
resources are associated with different recency thresholds. 

72. (New) The system of claim 70, wherein the membership certificate certifies group 
membership, and the server is configured to: 

provide the resource to the client only if the group is associated with an access control- 
list. 

73. (New) The system of claim 10, wherein the membership certificate certifies group non- 
merabership, and the server is configured to: 

provide the resource to the client only if the group is associated with a non-access 
control-list. 

74. (New) A processor-readable medium, including instructions to cause a processor to: 

receive a request from a client for the resource, the request including a membership 
certificate certifying at least one of group membership and group non-membership as of a time 
associated with the membership certificate, 

determine whether a signature associated with the membership certificate is valid, 
compare the time with a recency threshold associated with the resource, and 
provide the resource to the client only if the signature is valid and the time is within the 
recency threshold. 

75. (New) The processor program of claim 74, wherein the membership certificate certifies 
group membership, and the instructions to provide the resource to the client further include 
instructions to: 

20/571778.3 

4 




PAGE 8/13 * RCVD AT 1 2/17/2003 3:03:52 PM [Eastern Standard Time] * SVR:USPT0£FXRF-1I1 * DNIS:8729306 ' CSID:617 832 7000 * DURATION (mm-ss):04-00 



12/17/2093 16:03 617-832-7000 



FOLEY HOAG LLP 



PAGE 09/13 



provide the resource to the client only if the group is associated with an access control- 
list. 

76. (New) The processor program of claim 74, wherein the membership certificate certifies 
group non-membership, and the instructions to provide the resource to the client further include 
instructions to: 

provide the resource to the client only if the group is associated with a non-access 
control-list. 

77. (New) A processor data-signal for providing a resource to a client, the processor data-signal 
being embodied in a carrier wave and representing instructions to cause a processor to; 

receive a request from a client for the resource, the request including a membership 
certificate certifying at least one of group membership and group non-membership as of a time 
associated with the membership certificate, 

determine whether a signature associated with the membership certificate is valid, 
compare the time with a recency threshold associated with the resource, and 
provide the resource to the client only if the signature is valid and the time is within the 
recency threshold. 

78. (New) The processor data-signal of claim 77, wherein the membership certificate certifies 
group membership, and the instructions to provide the resource to the client further include 
instructions to: 

provide the resource to the client only if the group is associated with an access control- 
list. 

79. (New) The processor data-signal of claim 77, wherein the membership certificate certifies 
group non-membership, and the instructions to provide the resource to the client further include 
instructions to: 

provide the resource to the client only if the group is associated with a non-access 
control-list. 
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